Results 1 to 6 of 6

Thread: i need some explantations about exploits

  1. #1
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    1

    Question i need some explantations about exploits

    hello, i have some questions on which i could not find answers, so i decided to ask here. I must say that i'm quite new in backtrack. Here is my question...every tutorial, every post and every video which i have looked about penetrating is about sm08_067_netapi, but if i understod good enough, it is just for computers that are in same network (every RHOST address is 192.168.1......), i'm interested about, which exploit should be used to penetrait in system which is not in our network???? I'm not sure that i asked propertly what i want to know...some tutorials would be useful or some recomandation what should i look for....thank you

  2. #2
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    3

    Default Re: i need some explantations about exploits

    Well, considering the fact that most "exploits" are done first once gaining access to the network, I'm really failing to understand what it is you're trying to do.

    However, if -say- you're trying test your firewall capability, you can easily try throwing commands at your IP address using a tunnel on various open ports. The idea is you want to try to figure out what it is the network is running, as many programs use specific ports and usually admins fail to use non-standard ones.

    A good place to start, especially if you're running apache servers and such, is to constantly check for security holes in the updates for those products. Rule of thumb is to not necessarily stay up to date, but use stable builds.

    I'm being quite vague in my post, I realize, but these are things that are easily looked up and are generally specific to a network.

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: i need some explantations about exploits

    If only someone had written a HowTo on how exploits work....

    Your question also contains an unstated assumption that makes me think you would also benefit from brushing up on your TCP/IP-fu. TCP/IP Illustrated or the Cisco CCNA Study Guide are both excellent references.

    I should also mention that your interest in penetration of systems outside of your own network might take this thread on a detour to "ban county", so lets ensure we keep the discussion focused on systems that we have permission to access.
    Last edited by lupin; 03-22-2010 at 09:51 AM.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: i need some explantations about exploits

    Along with TCP/IP Illustrated or the CNA Study guide you should probably also brush up on RFC 1918 and do some reading about ms08_067_netapi. Then you should realize of course that there is no big read "h4x0r 1t n0wz!" button and that actually exploiting a system requires that you have at least some knowledge of the relevant services and vulnerabilities.

    If you didn't know how to swim would you climb up on the high tower and dive into the deep end of the pool? Because that's basically what you're attempting to do here....
    Last edited by thorin; 03-22-2010 at 03:40 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Senior Member micole's Avatar
    Join Date
    Jan 2010
    Location
    Charleston, SC
    Posts
    121

    Default Re: i need some explantations about exploits

    Quote Originally Posted by thorin View Post
    Then you should realize of course that there is no big read "h4x0r 1t n0wz!" button and that actually exploiting a system requires that you have at least some knowledge of the relevant services and vulnerabilities.....
    I still want one of those "H4x0r 17 n0wz!" buttons... Wanna make a script for it?

    Quote Originally Posted by thorin View Post
    If you didn't know how to swim would you climb up on the high tower and dive into the deep end of the pool? Because that's basically what you're attempting to do here....
    I would only jump if there were lifeguards... But, for your analogy it would be like jumping into a pool of acid without a hazmat suit in space where no one can hear you scream, but the government can still throw you in jail
    Common Knowledge: Username, "root". Password, "toor". "startx" gives you a GUI, and "fix-vesa" will fix BT if you have no GUI. Start networking with "/etc/init.d/networking start" and check your IP settings with "ifconfig -a". "dhclient" will automatically use DHCP for your IP. Google is your friend.

  6. #6
    Member whitelisted's Avatar
    Join Date
    Feb 2010
    Posts
    72

    Default Re: i need some explantations about exploits

    Quote Originally Posted by micole View Post
    But, for your analogy it would be like jumping into a pool of acid without a hazmat suit in space where no one can hear you scream, but the government can still throw you in jail
    nah, it's definitely not the same as jumping into a pool of acid: he's already said the computers are outside of his network, so I'd say it's more like throwing someone else into a pool of acid.

Similar Threads

  1. Writing Buffer Overflow Exploits using BackTrack
    By lupin in forum BackTrack Howtos
    Replies: 41
    Last Post: 04-01-2011, 08:49 PM
  2. How do I learn how exploits work?
    By kervizic in forum Beginners Forum
    Replies: 5
    Last Post: 03-11-2010, 03:51 PM
  3. Browser exploits with an existing meterpreter listener
    By mcjon3z in forum Beginners Forum
    Replies: 0
    Last Post: 02-17-2010, 01:39 AM
  4. Durzosploit - exploits generator framework
    By McFranco in forum Tool Requests
    Replies: 1
    Last Post: 01-26-2010, 11:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •